Information Clause - User Account

In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR"), we inform you about the processing of your personal data in connection with the creation and use of a user account on the CMS Conf website.

1. Data Controller

Detailed information about the data controller can be found in our Privacy Policy.

2. Data Protection Officer

For matters related to data protection, you can contact the data protection team. Detailed information about the data controller and data protection team can be found in our Privacy Policy.

Contact: hello@cmsconf.com

If you have questions or concerns regarding the processing of your personal data, or if you wish to exercise your rights, please contact us. We encourage you to contact us first before filing a complaint with the supervisory authority.

3. Purposes and Legal Basis for Processing

3.1. Account Creation and Management

Purpose: Creation and management of your user account, enabling access to personalized services and content on the CMS Conf website.

Legal basis: Article 6(1)(b) of GDPR - performance of a contract or taking steps prior to entering into a contract (account registration and service provision).

Data processed:

• Email address (required)
• Password (encrypted, required)
• First name and last name (optional)
• Username or display name (optional)
• Profile information (optional)
• Account creation date and time
• Last login date and time
• Account status and preferences

3.2. Service Provision

Purpose: Providing services available through the user account, including access to conference content, personalized features, and communication tools.

Legal basis: Article 6(1)(b) of GDPR - performance of a contract.

Data processed:

• Account activity logs
• Content preferences and settings
• Interaction history with the website
• Saved content and bookmarks

3.3. Communication

Purpose: Sending important information about your account, service updates, security notifications, and responding to your inquiries.

Legal basis: Article 6(1)(b) of GDPR - performance of a contract, and Article 6(1)(f) of GDPR - legitimate interest of the controller (ensuring account security and service quality).

Data processed:

• Email address
• Communication history
• Support tickets and inquiries

3.4. Marketing Communications (with consent)

Purpose: Sending marketing information about CMS Conf, related events, products, and services.

Legal basis: Article 6(1)(a) of GDPR - consent of the data subject.

Data processed:

• Email address
• Name (if provided)
• Marketing preferences

You can withdraw your consent at any time by changing your account settings or clicking the unsubscribe link in marketing emails. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3.5. Security and Fraud Prevention

Purpose: Ensuring the security of your account, preventing fraud, abuse, and unauthorized access.

Legal basis: Article 6(1)(f) of GDPR - legitimate interest of the controller (ensuring security and preventing fraud).

Data processed:

• IP address
• Login attempts and timestamps
• Device information
• Browser type and version
• Security logs

3.6. Analytics and Service Improvement

Purpose: Analyzing user behavior to improve our services, website functionality, and user experience.

Legal basis: Article 6(1)(f) of GDPR - legitimate interest of the controller (service improvement and optimization).

Data processed:

• Aggregated usage statistics
• Feature usage patterns
• Performance metrics

This data is processed in an aggregated and anonymized form where possible.

4. Data Recipients

Your personal data may be shared with the following categories of recipients:

• Service providers: Companies that provide technical services necessary for the operation of the website and user accounts (hosting, cloud services, email services, analytics tools)
• IT service providers: Companies providing IT infrastructure, maintenance, and support services
• Payment processors: If you make payments through your account, payment processing companies (only payment-related data)
• Legal and regulatory authorities: When required by law or to protect our rights and the rights of our users

All service providers are bound by appropriate data processing agreements and are required to process your data only for the purposes specified by us and in accordance with applicable data protection laws.

5. Transfer of Data Outside the European Economic Area

Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place to protect your personal data, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as provided for in GDPR

If you would like more information about the specific safeguards applied to transfers of your personal data, please contact us.

6. Data Retention Period

Your personal data will be stored for the following periods:

• Active account data: For the duration of your account's existence and for a period of 3 years after account deletion or inactivity, unless a longer retention period is required by law
• Account security logs: Maximum 12 months from the date of creation
• Marketing consent data: Until consent is withdrawn or the account is deleted
• Legal obligations: As long as required by applicable law (e.g., tax records, accounting documents)

After the retention period expires, your personal data will be permanently deleted or anonymized in a manner that prevents identification.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access - You can request information about what personal data we process about you and receive a copy of your data
• Right to rectification - You can request correction of inaccurate or incomplete data
• Right to erasure - You can request deletion of your data in certain circumstances (e.g., when data is no longer necessary, consent is withdrawn, or data processing is unlawful)
• Right to restriction of processing - You can request restriction of data processing in certain circumstances
• Right to data portability - You can request transfer of your data in a structured, commonly used format
• Right to object - You can object to processing based on legitimate interests
• Right to withdraw consent - If processing is based on consent, you can withdraw it at any time

To exercise these rights, please contact us at: hello@cmsconf.com

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by an additional two months, and we will inform you of any such extension.

You also have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (Urząd Ochrony Danych Osobowych - UODO), ul. Stawki 2, 00-193 Warsaw, Poland, email: kancelaria@uodo.gov.pl, website: https://uodo.gov.pl if you believe that the processing of your personal data violates GDPR provisions. However, we encourage you to contact us first, as we are committed to resolving any issues.

Right to Object to Direct Marketing

When personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

You can exercise this right by contacting us at hello@cmsconf.com.

Right to Object to Direct Marketing

When personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

You can exercise this right by contacting us at hello@cmsconf.com.

Right to Freely Express or Withdraw Consent for Data Processing

Every data subject has the general right to freely express or withdraw consent for the processing of personal data. In cases where personal data is processed on the basis of granted consent, we will provide the possibility to withdraw it at any time.

Withdrawal of consent will have immediate effect from the moment of this action and will not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal of consent does not affect the processing of data that took place before its withdrawal.

Withdrawal of consent does not entail any negative consequences, except that it may prevent us from providing certain services that require consent.

8. Obligation to Provide Data

Providing personal data is voluntary, but necessary for:

• Creating and maintaining a user account
• Using services available through the account
• Receiving important account-related communications

Failure to provide required data (such as email address and password) will prevent you from creating an account and using account-based services.

Providing additional data (such as name, profile information) is optional and allows us to provide you with a more personalized experience.

9. Automated Decision-Making and Profiling

We may use automated processing of your personal data for the following purposes:

• Account security monitoring and fraud detection
• Personalization of content and services based on your preferences and behavior
• Analytics and service improvement

We do not make automated decisions that produce legal effects concerning you or similarly significantly affect you, except for automated security measures that are necessary for the performance of the contract (account security).

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for entering into or performance of a contract, or is based on your explicit consent.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration, including:

• Encryption of sensitive data (passwords are hashed and never stored in plain text)
• SSL/TLS encryption for data transmission
• Regular security audits and updates
• Access controls and authentication mechanisms
• Backup and disaster recovery procedures

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

11. Changes to This Information Clause

We may update this Information Clause from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by:

• Posting the updated version on this page
• Sending an email notification to your registered email address
• Displaying a notice on the website when you log in

The "Last updated" date at the bottom of this page indicates when this Information Clause was last revised.

12. Contact

If you have any questions about this Information Clause or the processing of your personal data in connection with your user account, please contact us. Detailed contact information can be found in our Privacy Policy.

For data protection matters, you can also contact the data protection team. Detailed information about the data protection team can be found in our Privacy Policy.